Application Consent - Persistent access for the good and bad!

Lock note speaker :) Subscribe to our channel! Talk from BSides Perth 2021 Web: https://www.bsidesperth.com.au Twitter: https://www.twitter.com/bsidesper Talk: Application Consent - Persistent access for the good and bad! Application consent allows a third party service to gain persistent access to resources in your environment. This can be something simple like scheduled automation scripts, using a Github account to log into HacktoberFest, or granting access to email and calendar for your fancy smart whiteboard. Recent high profile security incidents have shown how API access have been exploited to be used for persistence. Management of the application consent process, and environment access for registered applications were free and unfettered in many environments, allowing bad guys to do what they wanted in a largely unobserved way. This talk will explain about the application consent process, and why as an application developer you need to ensure you request only the minimum permissions required for your application to work. The talk will explain to those responsible for administration and security of an environment how they can control and manage potential security risks in the environment caused by these allowed applications. About the presenter: George Coldham George is a dad, husband, best friend, worst friend, geek and Senior Consultant at Empired Ltd. George goes out of his way to learn new things every day, sometimes Cyber related and loves to share that knowledge to help make a difference in others lives. George finds purpose through service and is super excited to be here today